CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-38178
https://notcve.org/view.php?id=CVE-2021-38178
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data. El sistema de logística de software de SAP NetWeaver AS ABAP y ABAP Platform versiones - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permite a un usuario malicioso transferir artefactos o contenido de código ABAP, omitiendo las puertas de calidad establecidas. Mediante esta vulnerabilidad el código malicioso puede llegar a calidad y producción, y puede comprometer la confidencialidad, integridad y disponibilidad del sistema y sus datos • https://launchpad.support.sap.com/#/notes/3097887 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2021-38181
https://notcve.org/view.php?id=CVE-2021-38181
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP NetWeaver AS ABAP y ABAP Platform - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permite a un atacante impedir que los usuarios legítimos accedan a un servicio, ya sea al bloquear o inundar el servicio • https://launchpad.support.sap.com/#/notes/3080710 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 2CVE-2021-33678 – SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
https://notcve.org/view.php?id=CVE-2021-33678
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable. Un módulo de funciones de SAP NetWeaver AS ABAP (Reconciliation Framework), versiones - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, permite a un atacante con altos privilegios inyectar código que puede ser ejecutado por la aplicación. De este modo, un atacante podría eliminar información crítica y hacer que el sistema SAP no esté disponible completamente The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected. • http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html http://seclists.org/fulldisclosure/2022/May/42 https://launchpad.support.sap.com/#/notes/3048657 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-33677
https://notcve.org/view.php?id=CVE-2021-33677
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. El servidor ABAP de SAP NetWeaver y la Plataforma ABAP, versiones - 700, 702, 730, 731, 804, 740, 750, 784, expone funciones al exterior que pueden conllevar a una divulgación de información • https://launchpad.support.sap.com/#/notes/3044754 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-27610
https://notcve.org/view.php?id=CVE-2021-27610
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea información sobre el usuario RFC interno y externo en un formato consistente y distinguible, lo que podría conllevar a una autenticación inapropiada y podría ser explotado por usuarios maliciosos para obtener acceso ilegítimo al sistema • https://launchpad.support.sap.com/#/notes/3007182 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 • CWE-287: Improper Authentication •